Title
feat(audit): write run manifest recording invocation context for every command
Output: what changes
After this issue — every command writes a .crane-run.json in its output directory:
$ crane export -n my-app -e ./export
... (normal output) ...
$ cat export/.crane-run.json
{
"schemaVersion": "v1",
"command": "export",
"craneVersion": "v0.0.6",
"cranelibVersion": "v0.1.6",
"timestamp": "2026-04-18T14:32:01Z",
"duration": "12.4s",
"user": "ssingla",
"hostname": "macbook.local",
"flags": {
"namespace": "my-app",
"export-dir": "export",
"context": "eks-prod"
},
"kubernetes": {
"serverVersion": "v1.28.3",
"context": "eks-prod"
},
"result": {
"status": "completed_with_warnings",
"resourcesProcessed": 47,
"warnings": 3
}
}
Written for export, transform, and apply.
Description
Context
There is no record of who ran what command with which flags at what time. Reproducing a migration run requires asking the operator. The run manifest captures the full invocation context so anyone can understand or reproduce it later.
User outcome
- Security auditors can identify who, when, where, and with what flags.
- Support engineers can reproduce the exact invocation.
Scope
- Define
RunManifest struct in internal/audit/run_manifest.go.
- Write
.crane-run.json at the end of export, transform, and apply Run() methods.
- Capture: command, versions, timestamp, duration, user, hostname, flags, kubernetes context (export only), result status.
Acceptance criteria
Title
feat(audit): write run manifest recording invocation context for every commandOutput: what changes
After this issue — every command writes a
.crane-run.jsonin its output directory:Written for
export,transform, andapply.Description
Context
There is no record of who ran what command with which flags at what time. Reproducing a migration run requires asking the operator. The run manifest captures the full invocation context so anyone can understand or reproduce it later.
User outcome
Scope
RunManifeststruct ininternal/audit/run_manifest.go..crane-run.jsonat the end ofexport,transform, andapplyRun()methods.Acceptance criteria
crane exportwritesexport/.crane-run.json.crane transformwritestransform/.crane-run.json.crane applywritesoutput/.crane-run.json.schemaVersion, command, versions, timestamp, duration, flags, and result status.go test ./...passes.